Solved: Infected laptop - COM Surrogate

rakija77

Hello everyone, I'm a new user here.

Yesterday I noticed something consuming my CPU's resources, and I found this COM Surrogate process running in my Task Manager.

I googled it and I stumbled upon this forum and 2 topics by people with the same problem who got help from Mr. Broni.

I'm pasting the FRST log file with addition, hopefully you guys, or Mr. Broni have time to guide me through the removal process.
Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by Korisnik (administrator) on MSIGT60 (02-07-2017 23:09:52)
Running from C:\Users\Roko\AppData\Local\Temp\scoped_dir5484_781
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18290688 2017-03-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3366624 2016-12-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [297984 2016-01-22] (MSI)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\KLM\KLM.exe [2151224 2015-11-10] (Application)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1483072306-4082277022-3870291831-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170360 2017-04-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2017-04-01] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4F116F40-EBFC-4D9D-9F6E-D4ECEE7223D9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC1B9C2D-5EC3-4230-9CAC-826EEAD2C223}: [DhcpNameServer] 83.139.103.3 83.139.121.8

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-07] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-07] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Roko\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-05-07]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144088 2016-12-22] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-01-22] (Micro-Star International Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S2 NVWMI; C:\Windows\system32\nvwmi64.exe [4243392 2017-04-01] (NVIDIA Corporation)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-06-16] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [178824 2017-06-16] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [32840 2017-02-10] (ELAN Microelectronic Corp.)
R3 KillerEth; C:\Windows\system32\DRIVERS\e2xw8x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
R1 MpKsl0a861aa9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A48DACBD-A7AD-49D8-8C9D-767C16EB79A6}\MpKsl0a861aa9.sys [44928 2017-07-02] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-04-26] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-22] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-02] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 23:08 - 2017-07-02 23:09 - 00000000 ____D C:\FRST
2017-07-02 23:08 - 2017-07-02 23:08 - 02435584 _____ (Farbar) C:\Users\Roko\Desktop\FRST64.exe
2017-07-02 23:05 - 2017-07-02 23:05 - 00000906 _____ C:\Users\Roko\Desktop\JRT.txt
2017-07-02 23:04 - 2017-07-02 23:04 - 01663672 _____ (Malwarebytes) C:\Users\Roko\Desktop\JRT.exe
2017-07-02 23:00 - 2017-07-02 23:00 - 00001153 _____ C:\Users\Roko\Desktop\AdwCleaner[C2].txt
2017-07-02 22:13 - 2017-07-02 22:13 - 04110280 _____ C:\Users\Roko\Desktop\adwcleaner_6.047.exe
2017-07-02 16:06 - 2017-07-02 16:02 - 00002116 _____ C:\Users\Roko\Desktop\mbar-log-2017-07-02 (15-48-53).txt
2017-07-02 15:48 - 2017-07-02 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-02 15:46 - 2017-07-02 15:46 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-02 15:43 - 2017-07-02 16:02 - 00000000 ____D C:\Users\Roko\Desktop\mbar
2017-07-02 15:42 - 2017-07-02 15:42 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Roko\Desktop\mbar-1.09.3.1001.exe
2017-07-02 15:08 - 2017-07-02 15:08 - 00004256 _____ C:\Users\Roko\Desktop\rk_DF55.tmp.txt
2017-07-02 14:45 - 2017-07-02 14:45 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-07-02 14:45 - 2017-07-02 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-02 14:45 - 2017-07-02 14:45 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-02 14:43 - 2017-07-02 14:43 - 35489760 _____ (Adlice Software ) C:\Users\Roko\Desktop\RogueKiller_setup.exe
2017-07-02 14:40 - 2017-07-02 14:46 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-02 14:34 - 2017-07-02 14:39 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-02 14:30 - 2017-07-02 14:31 - 35489760 _____ (Adlice Software ) C:\Users\Roko\Downloads\RogueKiller_setup_ref3.exe
2017-07-02 14:14 - 2017-07-02 22:56 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-02 14:14 - 2017-07-02 14:14 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-02 14:14 - 2017-07-02 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-02 14:14 - 2017-07-02 14:14 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-02 14:14 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-02 14:11 - 2017-07-02 14:13 - 65033984 _____ (Malwarebytes ) C:\Users\Roko\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-02 14:08 - 2017-07-02 14:10 - 64025992 _____ (Malwarebytes ) C:\Users\Roko\Desktop\mb3-setup-32138.32138-3.1.2.1733-1.0.139-1.0.2060.exe
2017-07-02 11:40 - 2017-07-02 11:40 - 00000000 ____D C:\Users\Roko\Downloads\La.Haine.French.Dutch.and.English.Subs.Dvdrip.1995-PrinzNL
2017-06-30 23:04 - 2017-06-30 23:04 - 00001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-06-29 23:53 - 2017-06-29 23:53 - 00003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-06-29 23:53 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-06-29 23:53 - 2017-06-21 09:07 - 00179320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-06-29 23:53 - 2017-06-21 09:07 - 00146552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-06-29 23:53 - 2017-06-21 09:07 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-06-28 19:39 - 2017-06-28 19:39 - 00000000 ____D C:\Users\Roko\Documents\League of Legends
2017-06-28 19:38 - 2017-06-28 19:38 - 00000000 ____D C:\Users\Roko\AppData\Roaming\LolClient
2017-06-28 18:04 - 2017-06-28 18:04 - 00000000 ____D C:\ProgramData\Riot Games
2017-06-28 18:03 - 2017-06-29 10:39 - 00001720 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-06-28 18:03 - 2017-06-28 18:03 - 00000000 ____D C:\Riot Games
2017-06-28 18:03 - 2017-06-28 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-06-28 18:03 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-06-28 18:03 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-06-28 18:03 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-06-28 18:00 - 2017-06-28 18:03 - 00000000 ____D C:\Users\Roko\AppData\Roaming\Riot Games
2017-06-22 10:05 - 2017-07-02 15:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-21 21:14 - 2017-06-21 21:14 - 00000000 ____D C:\Users\Roko\Desktop\YEEZY
2017-06-20 18:32 - 2017-06-20 18:42 - 00000000 ____D C:\Users\Roko\Downloads\Rushmore (1998)
2017-06-20 18:32 - 2017-06-20 18:33 - 00000000 ____D C:\Users\Roko\Downloads\Leon The Professional Extended (1994)
2017-06-20 18:32 - 2017-06-20 18:32 - 00018076 _____ C:\Users\Roko\Downloads\Léon- The Professional (1994) [720p] [YTS.AG].torrent
2017-06-20 18:32 - 2017-06-20 18:32 - 00008188 _____ C:\Users\Roko\Downloads\Rushmore (1998) [720p] [YTS.AG] (1).torrent
2017-06-20 18:31 - 2017-06-20 18:31 - 00008188 _____ C:\Users\Roko\Downloads\Rushmore (1998) [720p] [YTS.AG].torrent
2017-06-17 17:25 - 2017-06-29 15:57 - 00000000 ____D C:\Users\Roko\AppData\Roaming\TS3Client
2017-06-17 17:25 - 2017-06-17 17:25 - 00000979 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-06-17 17:25 - 2017-06-17 17:25 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-06-17 17:25 - 2017-06-17 17:25 - 00000000 ____D C:\Users\Roko\.TeamSpeak 3
2017-06-17 17:25 - 2017-06-17 17:25 - 00000000 ____D C:\Users\Roko\.QtWebEngineProcess
2017-06-17 17:25 - 2017-06-17 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-06-16 10:06 - 2017-06-16 10:06 - 00109696 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll
2017-06-16 10:06 - 2017-06-16 10:06 - 00102016 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll
2017-06-16 09:54 - 2017-06-16 09:54 - 00049288 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll
2017-06-15 23:33 - 2017-06-15 23:33 - 325541992 _____ C:\Windows\MEMORY.DMP
2017-06-15 23:33 - 2017-06-15 23:33 - 00270816 _____ C:\Windows\Minidump\061517-17265-01.dmp
2017-06-14 16:39 - 2017-06-02 14:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 16:39 - 2017-06-02 14:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 16:39 - 2017-06-02 14:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-14 16:39 - 2017-06-02 14:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 16:39 - 2017-06-02 14:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 16:39 - 2017-06-02 13:30 - 03635200 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 16:39 - 2017-06-02 13:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 16:39 - 2017-06-02 12:58 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 16:39 - 2017-06-02 12:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-14 16:39 - 2017-06-02 12:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-14 16:39 - 2017-06-02 12:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-14 16:39 - 2017-06-02 12:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-14 16:39 - 2017-06-02 11:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-14 16:39 - 2017-06-02 11:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 16:39 - 2017-05-15 21:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-14 16:39 - 2017-05-14 22:44 - 04170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 16:39 - 2017-05-14 22:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 16:39 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 16:39 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 16:39 - 2017-05-14 22:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 16:39 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 16:39 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 16:39 - 2017-05-14 21:32 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-06-14 16:39 - 2017-05-14 21:31 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-06-14 16:39 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-14 16:39 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 16:39 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-14 16:39 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-14 16:39 - 2017-05-14 21:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 16:39 - 2017-05-14 21:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 16:39 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 16:39 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 16:39 - 2017-05-14 20:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-06-14 16:39 - 2017-05-14 20:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-06-14 16:39 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 16:39 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-14 16:39 - 2017-05-14 20:38 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-14 16:39 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 16:39 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-14 16:39 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 16:39 - 2017-05-14 20:16 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 16:39 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-14 16:39 - 2017-05-14 20:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 16:39 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-14 16:39 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-14 16:39 - 2017-05-14 20:06 - 07441240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 16:39 - 2017-05-14 20:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 16:39 - 2017-05-14 20:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-14 16:39 - 2017-05-12 19:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 16:39 - 2017-05-12 18:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-14 16:39 - 2017-05-12 18:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 16:39 - 2017-05-12 17:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-14 16:39 - 2017-05-12 17:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-14 16:39 - 2017-05-12 17:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-14 16:39 - 2017-05-12 17:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-14 16:39 - 2017-05-12 06:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 16:39 - 2017-05-12 04:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 16:39 - 2017-05-12 04:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 16:39 - 2017-05-12 04:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 16:39 - 2017-05-12 04:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 16:39 - 2017-05-12 04:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 16:39 - 2017-05-12 04:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-06-14 16:39 - 2017-05-12 04:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 16:39 - 2017-05-12 04:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 16:39 - 2017-05-12 04:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 16:39 - 2017-05-12 01:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 16:39 - 2017-05-12 01:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 16:39 - 2017-05-10 20:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 16:39 - 2017-05-06 18:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 16:39 - 2017-05-06 18:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 16:39 - 2017-04-09 22:40 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys
2017-06-14 16:39 - 2017-04-09 22:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2017-06-14 16:39 - 2017-04-09 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbusr.sys
2017-06-14 16:39 - 2017-04-09 21:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspiper.dll
2017-06-14 16:39 - 2017-04-06 19:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-14 16:39 - 2017-04-06 19:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-06-14 16:39 - 2017-04-06 18:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 16:39 - 2017-04-06 18:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 16:39 - 2017-04-06 18:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-14 16:39 - 2017-04-06 18:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-06-14 16:39 - 2017-04-06 18:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-14 16:39 - 2017-04-06 17:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-06-14 16:39 - 2017-04-02 16:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-14 16:39 - 2017-04-02 15:40 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-06-14 16:39 - 2016-06-11 18:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 16:39 - 2016-06-11 18:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-10 09:16 - 2017-06-10 09:16 - 00013216 _____ C:\Users\Roko\Documents\cc_20170610_091604.reg
2017-06-10 09:15 - 2017-06-10 09:15 - 00067434 _____ C:\Users\Roko\Documents\cc_20170610_091534.reg
2017-06-07 22:57 - 2017-06-07 23:04 - 00000000 ____D C:\Users\Roko\Downloads\The Last King of Scotland (2006)
2017-06-04 09:46 - 2017-06-04 09:53 - 00000000 ____D C:\Users\Roko\Desktop\New folder
2017-06-04 09:00 - 2017-06-04 09:07 - 00007602 _____ C:\Users\Roko\AppData\Local\resmon.resmoncfg
2017-06-04 07:44 - 2017-07-02 22:55 - 00000000 ____D C:\AdwCleaner
2017-06-03 09:13 - 2017-06-03 10:40 - 00000000 ____D C:\Users\Roko\Downloads\codex-rime

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 23:05 - 2017-05-06 20:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-02 23:03 - 2017-05-06 20:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1483072306-4082277022-3870291831-1001
2017-07-02 22:58 - 2017-05-07 01:07 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-02 22:56 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-02 22:55 - 2017-05-06 20:44 - 00000000 ____D C:\Users\Roko
2017-07-02 15:06 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-02 14:38 - 2017-05-06 20:55 - 00000000 ____D C:\Users\Roko\AppData\Roaming\uTorrent
2017-07-02 14:03 - 2017-05-06 21:07 - 00000000 ____D C:\Program Files\Opera
2017-07-02 02:09 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-06-30 23:04 - 2017-05-06 21:07 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1494097665
2017-06-29 23:53 - 2017-05-06 23:11 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:11 - 00001432 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-06-29 23:53 - 2017-05-06 23:10 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 20:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-29 23:53 - 2017-05-06 20:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-29 23:53 - 2017-05-06 20:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-21 09:07 - 2017-05-06 23:11 - 01903224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-06-21 09:07 - 2017-05-06 23:11 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-06-21 09:07 - 2017-05-06 23:11 - 01489528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-06-21 09:07 - 2017-05-06 23:11 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-06-21 09:07 - 2017-05-06 23:11 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-06-20 22:58 - 2017-05-06 23:10 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-06-17 03:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-06-16 21:09 - 2017-05-06 20:48 - 00000000 ____D C:\Users\Roko\AppData\Local\Packages
2017-06-16 21:09 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 21:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-06-15 23:33 - 2017-05-15 20:24 - 00000000 ____D C:\Windows\Minidump
2017-06-15 09:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-06-15 08:10 - 2013-08-22 16:44 - 00365880 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-15 00:45 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-06-14 17:01 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-06-14 17:00 - 2017-05-06 21:13 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 16:58 - 2017-05-06 21:13 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-14 16:34 - 2017-05-07 14:49 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 16:34 - 2017-05-07 14:49 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 16:34 - 2017-05-07 14:49 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-13 21:39 - 2017-05-10 00:17 - 00000980 _____ C:\Users\Roko\Documents\fgfgfgffg.txt
2017-06-13 21:10 - 2017-06-01 19:42 - 00000000 ____D C:\Users\Roko\Desktop\TRIO DIvertimento
2017-06-10 10:20 - 2017-05-06 21:08 - 00000000 ____D C:\Users\Roko\AppData\Local\CrashDumps
2017-06-10 10:18 - 2017-05-06 23:02 - 00000000 ____D C:\Users\Roko\AppData\Local\ElevatedDiagnostics
2017-06-10 10:06 - 2017-05-06 20:46 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-10 09:27 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-10 09:22 - 2017-05-15 21:51 - 00035328 ___SH C:\Users\Roko\Desktop\Thumbs.db
2017-06-10 09:14 - 2017-05-07 06:36 - 00000000 ____D C:\Windows\Panther
2017-06-10 09:07 - 2017-05-07 05:50 - 00000000 __SHD C:\Users\Roko\AppData\Local\EmieUserList
2017-06-10 09:07 - 2017-05-07 05:50 - 00000000 __SHD C:\Users\Roko\AppData\Local\EmieSiteList
2017-06-10 09:06 - 2017-05-08 22:18 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-10 09:06 - 2017-05-07 22:12 - 00000000 ____D C:\Users\Roko\AppData\Local\Adobe
2017-06-10 09:06 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 09:06 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-07 22:51 - 2017-05-06 20:57 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-06-04 09:10 - 2013-08-22 17:36 - 00000000 ____D C:\PerfLogs
2017-06-03 04:31 - 2017-05-09 16:24 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-03 04:31 - 2017-05-09 16:24 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-06-04 09:00 - 2017-06-04 09:07 - 0007602 _____ () C:\Users\Roko\AppData\Local\resmon.resmoncfg
2017-05-25 22:06 - 2017-05-25 22:06 - 0000003 _____ () C:\Users\Roko\AppData\Local\updater.log
2017-05-25 22:06 - 2017-05-25 22:06 - 0000425 _____ () C:\Users\Roko\AppData\Local\UserProducts.xml

Files to move or delete:
====================
C:\Users\Roko\installshield_scm.reg
C:\Users\Roko\scm.reg


Some files in TEMP:
====================
2017-07-02 14:34 - 2017-05-14 20:06 - 1737600 _____ (Microsoft Corporation) C:\Users\Roko\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-25 20:27

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Korisnik (02-07-2017 23:10:47)
Running from C:\Users\Roko\AppData\Local\Temp\scoped_dir5484_781
Windows 8.1 Pro (Update) (X64) (2017-05-06 18:47:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1483072306-4082277022-3870291831-500 - Administrator - Disabled)
Guest (S-1-5-21-1483072306-4082277022-3870291831-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1483072306-4082277022-3870291831-1003 - Limited - Enabled)
Korisnik (S-1-5-21-1483072306-4082277022-3870291831-1001 - Administrator - Enabled) => C:\Users\Roko

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1483072306-4082277022-3870291831-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
ELAN Touchpad 15.13.7.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.7.1 - ELAN Microelectronic Corp.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.14.5270 - Gretech Corporation)
Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1610.3101 - Micro-Star International Co., Ltd.) Hidden
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1610.3101 - Micro-Star International Co., Ltd.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
KLM (HKLM-x32\...\{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1511.1001 - Application) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1511.1001 - Application)
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
NVIDIA WMI 2.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.30.0 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Opera Stable 46.0.2597.32 (HKLM-x32\...\Opera 46.0.2597.32) (Version: 46.0.2597.32 - Opera Software)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.2.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.28161 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 - )
SCM (HKLM\...\{8B57FEA1-ABC0-4469-9205-856FD0D97C40}) (Version: 13.016.01229 - Application)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinRAR 5.50 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.2 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1483072306-4082277022-3870291831-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-05] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-02-15] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-04-01] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-05] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10E6DE53-CFBB-4808-9387-FDD75B9E7498} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {13C552C3-1635-457C-B7F0-44F64A9F52A7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-06-10] (Adobe Systems Incorporated)
Task: {6A521564-F8CC-45A4-B67F-70AB0763989D} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2017-02-15] ()
Task: {6CD357D1-7F35-487E-8DDE-830C166450E3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {6E6AA8BB-D67D-4196-BC4E-3EA18DEE6F62} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {73B44330-4EE0-494D-ADAA-E625E094153E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {74544A63-6549-4788-9A33-8D8C24FD3466} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {7C391A88-EC41-4ECC-B250-AF8858DAFD3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {954CC547-7EC4-470D-A0D4-D3F2EE511A0C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {9B7A3264-7C92-46A8-9463-DE5A010A17EE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {AE25B5AC-298F-4692-88C8-4C995D3A6C7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {B9499BAC-CEB4-45BA-B14A-C3B4862F6457} - System32\Tasks\Microsoft\Windows\PLA\New Data Collector Set => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "New Data Collector Set" "$(Arg0)"
Task: {D018382E-AF5C-4C9F-A735-247A126A3225} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-10-31] (Micro-Star International Co., Ltd.)
Task: {DDEC85D5-383C-4575-B0CA-647A5ADADF18} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EAD3E5C2-FD55-4111-8248-F2DE9606441A} - System32\Tasks\Opera scheduled Autoupdate 1494097665 => C:\Program Files\Opera\launcher.exe [2017-06-27] (Opera Software)
Task: {EC31D47A-348F-4619-8774-3CA2F0CEDCCA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {F2D39596-C03D-4469-A74F-8123EEA6C45F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-25 00:20 - 2016-09-25 00:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-05-06 23:10 - 2017-06-21 09:07 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-06 23:10 - 2017-06-21 09:07 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1483072306-4082277022-3870291831-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roko\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{10B2716A-D89C-4AED-907C-C85D3A2A6190}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE1C98D0-6A7B-4F05-9968-3049B7FE8C2E}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E47627B-7D73-4114-B58A-52632767DDBD}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E60E6F9-F81E-4C14-8516-07FC003AB30B}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5D613270-A6DB-4FD6-9A22-83D9DA6FEDE8}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{402D1BD4-4A78-49ED-BB40-4601DAAEE130}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DCD11F2-A328-4631-ACE7-C1B204E473C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C6335945-48CF-4FE6-B4E2-515454705D06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C5F8A03D-AC5F-45A2-AA8C-63547996015C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B7B2CA41-9E66-4CC9-87A5-8604A8E2E1C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9368F0D9-FAC0-44E4-8747-13234D4B1B22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3D56A99E-042E-422A-99C7-2BC14DB8B8B6}C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe] => (Allow) C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe
FirewallRules: [UDP Query User{98539144-8CA6-4C4E-AC37-61EC7837E7FE}C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe] => (Allow) C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe
FirewallRules: [{40313F28-97BC-483E-95CB-B7E79267D67A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3B1FADB-C8C6-4BD5-A938-0196293110EB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CAD70CEC-EA28-4606-A452-619E75FD9002}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{58FD7F24-C322-4F40-A88A-B0E5F58B1ABB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{22856781-F347-40C4-9623-988F9966DCC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E1A6F487-DF74-481A-97C3-289C826EC72B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{6F5D28CD-B129-4D97-B47D-D972F3F3C6AD}C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe] => (Allow) C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe
FirewallRules: [UDP Query User{58EB8272-7EE3-44B0-8E7D-81744EAAC568}C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe] => (Allow) C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe
FirewallRules: [{4BD282DD-A8F5-4ADB-AA7C-450101E82E2A}] => (Allow) C:\Program Files\Opera\45.0.2552.898\opera.exe
FirewallRules: [{48D233F8-B584-4FA2-899F-FEB90C81F1D3}] => (Allow) C:\Program Files\Opera\46.0.2597.32\opera.exe

==================== Restore Points =========================

15-06-2017 23:52:06 Installed DirectX
28-06-2017 18:00:31 Installed League of Legends
02-07-2017 15:41:38 Installed New Software
02-07-2017 23:04:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2017 10:59:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/02/2017 10:58:06 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/02/2017 10:03:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/02/2017 10:02:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/02/2017 04:32:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17931, time stamp: 0x55a006b9
Exception code: 0xc000003f
Fault offset: 0x00000000000bf8a2
Faulting process id: 0x3f8
Faulting application start time: 0x01d2f34004c936ee
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 43099f7d-5f33-11e7-827e-8c89a5088009
Faulting package full name:
Faulting package-relative application ID:

Error: (07/02/2017 04:31:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17931, time stamp: 0x55a006b9
Exception code: 0xc000003f
Fault offset: 0x00000000000bf8a2
Faulting process id: 0xc0c
Faulting application start time: 0x01d2f33fbb793acd
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 1e986c7b-5f33-11e7-827e-8c89a5088009
Faulting package full name:
Faulting package-relative application ID:

Error: (07/02/2017 04:29:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17931, time stamp: 0x55a006b9
Exception code: 0xc000003f
Fault offset: 0x00000000000bf8a2
Faulting process id: 0x78c
Faulting application start time: 0x01d2ee9e432f9d8c
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: d51c1e49-5f32-11e7-827e-8c89a5088009
Faulting package full name:
Faulting package-relative application ID:

Error: (07/02/2017 03:41:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslf9d4ccf8.

System Error:
The system cannot find the file specified.
.

Error: (07/02/2017 12:15:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/02/2017 12:14:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (07/02/2017 11:05:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/02/2017 11:05:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA WMI Provider service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 11:05:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Server service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-06-27 21:44:56.114
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-22 10:14:48.941
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-18 16:56:11.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-15 08:48:59.851
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-13 18:18:22.493
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-11 06:55:34.801
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-09 18:11:52.324
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-07 16:44:26.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-04 10:09:55.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-04 07:31:12.705
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 10%
Total physical RAM: 16276.85 MB
Available physical RAM: 14594.3 MB
Total Virtual: 32660.85 MB
Available Virtual: 30814.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.71 GB) (Free:352.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5DE0B927)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Hello, dear Mr. Broni, I am so delighted that you responded to me.

Before posting this message I actually already did a couple of scans.
I've done the scans from this topic: https://www.techspot.com/community/topics/com-surrogate-potential-virus.208025/

1. RogueKiller
2. Malwarebytes Anti-Rootkit
3. AdwCleaner
4. Junkware Removal Tool
5. Farbar Recovery Scan Tool

I ran FRST last, then I didn't go further because of your alert, not to go because that is the process for that specific user.
Then I created this topic and posted the same logs I got from the last scan with FRST.
Now I'm posting the scans I did in this order. If there is a mistake I did, please inform me and tell me what to do, I will not do anything, You didn't instruct me to, from now on.
 
RogueKiller V12.11.4.0 (x64) [Jun 26 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Korisnik [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 07/02/2017 14:46:38 (Duration : 00:20:22)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC1B9C2D-5EC3-4230-9CAC-826EEAD2C223} | DhcpNameServer : 83.139.103.3 83.139.121.8 ([X][X]) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[Tr.Gen0][File] C:\Users\Roko\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Roko\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\WdfCoInstaller01009.dll -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\WinDivert.dll -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\WinDivert.inf -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\WinDivert.sys -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS725050A7E630 +++++
--- User ---
[MBR] 0c1e807ba63fa41266813a2d1f0893df
[BSP] db1c320ce47d79299f7605bf2d62f6b4 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 475862 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 975726592 | Size: 510 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2017.07.02.02
rootkit: v2017.05.27.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18698
Korisnik :: MSIGT60 [administrator]

2.7.2017. 15:48:53
mbar-log-2017-07-02 (15-48-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 258834
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18698

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 17067515904, free: 11565436928

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18698

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 17067515904, free: 11532763136

Downloaded database version: v2017.07.02.02
Downloaded database version: v2017.05.27.01
Downloaded database version: v2017.06.16.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
07/02/2017 15:48:45
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2017.07.02.02
rootkit: v2017.05.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00157bfb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00157bfbb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00157bfb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0015478ee50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00155527060, DeviceName: \Device\0000003e\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 5DE0B927

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2717400499
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 5e4471da-ab1-46e2-ad25-57988affbb
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2717400499
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 5e4471da-ab1-46e2-ad25-57988affbb
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 838b93e9-709-4d18-902-5eda33c58992
FirstLBA 2048 Last LBA 923647
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 298afda5-e688-468a-8fe3-282bf46c8a1
FirstLBA 923648 Last LBA 1128447
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 8d308d28-20e1-42fd-af61-8619b96b1cc8
FirstLBA 1128448 Last LBA 1161215
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 49612f8c-bc10-4f12-8ea6-76104b6e2db6
FirstLBA 1161216 Last LBA 975726591
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 6d7d8a92-7ffc-40e6-93d8-d9e7add4ea83
FirstLBA 975726592 Last LBA 976771071
Attributes 1
Partition Name

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1)
File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1)
File "C:\Windows\System32\fsquirt.exe" is compressed (flags = 1)
File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1)
File "C:\Windows\System32\streamci.dll" is compressed (flags = 1)
File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1)
File "C:\Windows\System32\WMALFXGFXDSP.dll" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89D78A2A961E38E92EAA37718C0F6EAAF4998808.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89D78A2A961E38E92EAA37718C0F6EAAF4998808.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89D78A2A961E38E92EAA37718C0F6EAAF4998808.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
# AdwCleaner v6.047 - Logfile created 02/07/2017 at 22:55:35
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 8.1 Pro (X64)
# Username : Korisnik - MSIGT60
# Running from : C:\Users\Roko\AppData\Local\Temp\scoped_dir5604_22817\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1035 Bytes] - [04/06/2017 07:45:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [856 Bytes] - [02/07/2017 22:55:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [1173 Bytes] - [04/06/2017 07:45:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [1321 Bytes] - [02/07/2017 22:54:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1074 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 Pro x64
Ran by Korisnik (Administrator) on ned 02.07.2017. at 23:04:51,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-1483072306-4082277022-3870291831-1001 (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-1483072306-4082277022-3870291831-1001.job (Task)
Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ned 02.07.2017. at 23:05:53,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
And here is the Malwarebytes scan you asked for:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/2/17
Scan Time: 2:15 PM
Log File: mwb.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2276
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: MSIGT60\Korisnik

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324235
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.


4. If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.


The tool will produce a log in the same directory the tool was run from.

Please copy and paste the log in your next reply.
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01
Ran by Korisnik (administrator) on MSIGT60 (04-07-2017 03:42:46)
Running from C:\Users\Roko\Desktop
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.32\opera_autoupdate.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18290688 2017-03-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3366624 2016-12-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [297984 2016-01-22] (MSI)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\KLM\KLM.exe [2151224 2015-11-10] (Application)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1483072306-4082277022-3870291831-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170360 2017-04-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2017-04-01] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4F116F40-EBFC-4D9D-9F6E-D4ECEE7223D9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC1B9C2D-5EC3-4230-9CAC-826EEAD2C223}: [DhcpNameServer] 83.139.103.3 83.139.121.8

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-07] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-07] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Roko\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-05-07]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144088 2016-12-22] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-01-22] (Micro-Star International Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S2 NVWMI; C:\Windows\system32\nvwmi64.exe [4243392 2017-04-01] (NVIDIA Corporation)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-06-16] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [178824 2017-06-16] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [32840 2017-02-10] (ELAN Microelectronic Corp.)
R3 KillerEth; C:\Windows\system32\DRIVERS\e2xw8x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
R1 MpKsla96fc2b4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D02A8CDD-7038-4957-A182-8EE7DF05D24A}\MpKsla96fc2b4.sys [44928 2017-07-03] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-04-26] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-22] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-02] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-04 03:42 - 2017-07-04 03:43 - 00010675 _____ C:\Users\Roko\Desktop\FRST.txt
2017-07-04 03:42 - 2017-07-04 03:42 - 00000000 ____D C:\Users\Roko\Desktop\FRST-OlderVersion
2017-07-04 01:19 - 2017-07-04 01:19 - 00549504 _____ (ESET) C:\Users\Roko\Desktop\ESETPoweliksCleaner (1).exe
2017-07-04 01:13 - 2017-07-04 01:13 - 00000022 _____ C:\Users\Roko\Desktop\ESETPoweliksCleaner.exe_20170704.011306.5776.zip
2017-07-04 01:12 - 2017-07-04 01:12 - 00000022 _____ C:\Users\Roko\Desktop\ESETPoweliksCleaner.exe_20170704.011235.3688.zip
2017-07-04 01:11 - 2017-07-04 01:11 - 00000022 _____ C:\Users\Roko\Desktop\ESETPoweliksCleaner.exe_20170704.011143.1984.zip
2017-07-04 01:11 - 2017-07-04 01:11 - 00000022 _____ C:\Users\Roko\Desktop\ESETPoweliksCleaner.exe_20170704.011125.1916.zip
2017-07-04 01:08 - 2017-07-04 01:08 - 00549504 _____ (ESET) C:\Users\Roko\Desktop\ESETPoweliksCleaner.exe
2017-07-03 22:48 - 2017-07-03 22:48 - 00001189 _____ C:\Users\Roko\Desktop\mwb.txt
2017-07-03 22:28 - 2017-07-04 03:41 - 00000000 ____D C:\Users\Roko\Desktop\prvi scan sistema
2017-07-03 22:27 - 2017-07-03 22:28 - 65033984 _____ (Malwarebytes ) C:\Users\Roko\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-03 11:43 - 2017-07-03 11:43 - 00002259 _____ C:\Windows\epplauncher.mif
2017-07-03 11:43 - 2017-07-03 11:43 - 00000000 ____D C:\c6941a429d1641fdcb7fcfcd0a6005
2017-07-03 11:41 - 2017-07-03 11:42 - 15065792 _____ (Microsoft Corporation) C:\Users\Roko\Desktop\mseinstall64.exe
2017-07-03 11:12 - 2017-07-03 11:27 - 00000000 ____D C:\Users\Roko\Downloads\The.Hunt.2012.720p.BluRay.x264-x0r
2017-07-03 11:11 - 2017-07-03 11:11 - 00000000 ____D C:\Users\Roko\AppData\LocalLow\uTorrent
2017-07-02 23:08 - 2017-07-04 03:42 - 02436096 _____ (Farbar) C:\Users\Roko\Desktop\FRST64.exe
2017-07-02 23:08 - 2017-07-04 03:42 - 00000000 ____D C:\FRST
2017-07-02 23:04 - 2017-07-02 23:04 - 01663672 _____ (Malwarebytes) C:\Users\Roko\Desktop\JRT.exe
2017-07-02 22:13 - 2017-07-02 22:13 - 04110280 _____ C:\Users\Roko\Desktop\adwcleaner_6.047.exe
2017-07-02 15:48 - 2017-07-02 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-02 15:46 - 2017-07-02 15:46 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-02 15:43 - 2017-07-02 16:02 - 00000000 ____D C:\Users\Roko\Desktop\mbar
2017-07-02 15:42 - 2017-07-02 15:42 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Roko\Desktop\mbar-1.09.3.1001.exe
2017-07-02 14:45 - 2017-07-03 22:31 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-07-02 14:45 - 2017-07-03 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-02 14:45 - 2017-07-03 22:31 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-02 14:43 - 2017-07-02 14:43 - 35489760 _____ (Adlice Software ) C:\Users\Roko\Desktop\RogueKiller_setup.exe
2017-07-02 14:40 - 2017-07-02 14:46 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-02 14:34 - 2017-07-02 14:39 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-02 14:30 - 2017-07-02 14:31 - 35489760 _____ (Adlice Software ) C:\Users\Roko\Downloads\RogueKiller_setup_ref3.exe
2017-07-02 14:14 - 2017-07-03 22:41 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-02 14:14 - 2017-07-03 22:29 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-02 14:14 - 2017-07-03 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-02 14:14 - 2017-07-02 14:14 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-02 14:14 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-02 14:11 - 2017-07-02 14:13 - 65033984 _____ (Malwarebytes ) C:\Users\Roko\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-02 14:08 - 2017-07-02 14:10 - 64025992 _____ (Malwarebytes ) C:\Users\Roko\Desktop\mb3-setup-32138.32138-3.1.2.1733-1.0.139-1.0.2060.exe
2017-07-02 11:40 - 2017-07-02 11:40 - 00000000 ____D C:\Users\Roko\Downloads\La.Haine.French.Dutch.and.English.Subs.Dvdrip.1995-PrinzNL
2017-06-30 23:04 - 2017-06-30 23:04 - 00001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-06-29 23:53 - 2017-06-29 23:53 - 00003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-06-29 23:53 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-06-29 23:53 - 2017-06-21 09:07 - 00179320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-06-29 23:53 - 2017-06-21 09:07 - 00146552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-06-29 23:53 - 2017-06-21 09:07 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-06-28 19:39 - 2017-06-28 19:39 - 00000000 ____D C:\Users\Roko\Documents\League of Legends
2017-06-28 19:38 - 2017-06-28 19:38 - 00000000 ____D C:\Users\Roko\AppData\Roaming\LolClient
2017-06-28 18:04 - 2017-06-28 18:04 - 00000000 ____D C:\ProgramData\Riot Games
2017-06-28 18:03 - 2017-06-29 10:39 - 00001720 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-06-28 18:03 - 2017-06-28 18:03 - 00000000 ____D C:\Riot Games
2017-06-28 18:03 - 2017-06-28 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-06-28 18:03 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-06-28 18:03 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-06-28 18:03 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-06-28 18:00 - 2017-06-28 18:03 - 00000000 ____D C:\Users\Roko\AppData\Roaming\Riot Games
2017-06-22 10:05 - 2017-07-02 15:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-21 21:14 - 2017-06-21 21:14 - 00000000 ____D C:\Users\Roko\Desktop\YEEZY
2017-06-20 18:32 - 2017-06-20 18:42 - 00000000 ____D C:\Users\Roko\Downloads\Rushmore (1998)
2017-06-20 18:32 - 2017-06-20 18:33 - 00000000 ____D C:\Users\Roko\Downloads\Leon The Professional Extended (1994)
2017-06-20 18:32 - 2017-06-20 18:32 - 00018076 _____ C:\Users\Roko\Downloads\Léon- The Professional (1994) [720p] [YTS.AG].torrent
2017-06-20 18:32 - 2017-06-20 18:32 - 00008188 _____ C:\Users\Roko\Downloads\Rushmore (1998) [720p] [YTS.AG] (1).torrent
2017-06-20 18:31 - 2017-06-20 18:31 - 00008188 _____ C:\Users\Roko\Downloads\Rushmore (1998) [720p] [YTS.AG].torrent
2017-06-17 17:25 - 2017-06-29 15:57 - 00000000 ____D C:\Users\Roko\AppData\Roaming\TS3Client
2017-06-17 17:25 - 2017-06-17 17:25 - 00000979 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-06-17 17:25 - 2017-06-17 17:25 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-06-17 17:25 - 2017-06-17 17:25 - 00000000 ____D C:\Users\Roko\.TeamSpeak 3
2017-06-17 17:25 - 2017-06-17 17:25 - 00000000 ____D C:\Users\Roko\.QtWebEngineProcess
2017-06-17 17:25 - 2017-06-17 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-06-16 10:06 - 2017-06-16 10:06 - 00109696 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll
2017-06-16 10:06 - 2017-06-16 10:06 - 00102016 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll
2017-06-16 09:54 - 2017-06-16 09:54 - 00049288 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll
2017-06-15 23:33 - 2017-06-15 23:33 - 325541992 _____ C:\Windows\MEMORY.DMP
2017-06-15 23:33 - 2017-06-15 23:33 - 00270816 _____ C:\Windows\Minidump\061517-17265-01.dmp
2017-06-14 16:39 - 2017-06-02 14:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 16:39 - 2017-06-02 14:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 16:39 - 2017-06-02 14:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-14 16:39 - 2017-06-02 14:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 16:39 - 2017-06-02 14:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 16:39 - 2017-06-02 13:30 - 03635200 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 16:39 - 2017-06-02 13:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 16:39 - 2017-06-02 12:58 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 16:39 - 2017-06-02 12:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-14 16:39 - 2017-06-02 12:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-14 16:39 - 2017-06-02 12:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-14 16:39 - 2017-06-02 12:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-14 16:39 - 2017-06-02 11:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-14 16:39 - 2017-06-02 11:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 16:39 - 2017-05-15 21:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-14 16:39 - 2017-05-14 22:44 - 04170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 16:39 - 2017-05-14 22:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 16:39 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 16:39 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 16:39 - 2017-05-14 22:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 16:39 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 16:39 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 16:39 - 2017-05-14 21:32 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-06-14 16:39 - 2017-05-14 21:31 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-06-14 16:39 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-14 16:39 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 16:39 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-14 16:39 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-14 16:39 - 2017-05-14 21:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 16:39 - 2017-05-14 21:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 16:39 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 16:39 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 16:39 - 2017-05-14 20:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-06-14 16:39 - 2017-05-14 20:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-06-14 16:39 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 16:39 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-14 16:39 - 2017-05-14 20:38 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-14 16:39 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 16:39 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-14 16:39 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 16:39 - 2017-05-14 20:16 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 16:39 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-14 16:39 - 2017-05-14 20:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 16:39 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-14 16:39 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-14 16:39 - 2017-05-14 20:06 - 07441240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 16:39 - 2017-05-14 20:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 16:39 - 2017-05-14 20:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-14 16:39 - 2017-05-12 19:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 16:39 - 2017-05-12 18:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-14 16:39 - 2017-05-12 18:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 16:39 - 2017-05-12 17:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-14 16:39 - 2017-05-12 17:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-14 16:39 - 2017-05-12 17:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-14 16:39 - 2017-05-12 17:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-14 16:39 - 2017-05-12 06:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 16:39 - 2017-05-12 04:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 16:39 - 2017-05-12 04:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 16:39 - 2017-05-12 04:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 16:39 - 2017-05-12 04:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 16:39 - 2017-05-12 04:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 16:39 - 2017-05-12 04:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-06-14 16:39 - 2017-05-12 04:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 16:39 - 2017-05-12 04:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 16:39 - 2017-05-12 04:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 16:39 - 2017-05-12 01:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 16:39 - 2017-05-12 01:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 16:39 - 2017-05-10 20:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 16:39 - 2017-05-06 18:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 16:39 - 2017-05-06 18:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 16:39 - 2017-04-09 22:40 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys
2017-06-14 16:39 - 2017-04-09 22:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2017-06-14 16:39 - 2017-04-09 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbusr.sys
2017-06-14 16:39 - 2017-04-09 21:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspiper.dll
2017-06-14 16:39 - 2017-04-06 19:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-14 16:39 - 2017-04-06 19:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-06-14 16:39 - 2017-04-06 18:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 16:39 - 2017-04-06 18:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 16:39 - 2017-04-06 18:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-14 16:39 - 2017-04-06 18:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-06-14 16:39 - 2017-04-06 18:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-14 16:39 - 2017-04-06 17:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-06-14 16:39 - 2017-04-02 16:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-14 16:39 - 2017-04-02 15:40 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-06-14 16:39 - 2016-06-11 18:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 16:39 - 2016-06-11 18:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-10 09:16 - 2017-06-10 09:16 - 00013216 _____ C:\Users\Roko\Documents\cc_20170610_091604.reg
2017-06-10 09:15 - 2017-06-10 09:15 - 00067434 _____ C:\Users\Roko\Documents\cc_20170610_091534.reg
2017-06-07 22:57 - 2017-06-07 23:04 - 00000000 ____D C:\Users\Roko\Downloads\The Last King of Scotland (2006)
2017-06-04 09:46 - 2017-06-04 09:53 - 00000000 ____D C:\Users\Roko\Desktop\New folder
2017-06-04 09:00 - 2017-06-04 09:07 - 00007602 _____ C:\Users\Roko\AppData\Local\resmon.resmoncfg
2017-06-04 07:44 - 2017-07-02 22:55 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-04 03:41 - 2017-05-07 01:07 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-04 03:32 - 2017-05-06 20:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1483072306-4082277022-3870291831-1001
2017-07-03 22:21 - 2017-05-06 20:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-03 13:42 - 2017-05-06 20:55 - 00000000 ____D C:\Users\Roko\AppData\Roaming\uTorrent
2017-07-03 12:47 - 2017-05-10 00:17 - 00000993 _____ C:\Users\Roko\Documents\fgfgfgffg.txt
2017-07-02 22:56 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-02 22:55 - 2017-05-06 20:44 - 00000000 ____D C:\Users\Roko
2017-07-02 15:06 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-02 14:03 - 2017-05-06 21:07 - 00000000 ____D C:\Program Files\Opera
2017-07-02 02:09 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-06-30 23:04 - 2017-05-06 21:07 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1494097665
2017-06-29 23:53 - 2017-05-06 23:11 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:11 - 00001432 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-06-29 23:53 - 2017-05-06 23:10 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 23:10 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-29 23:53 - 2017-05-06 20:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-29 23:53 - 2017-05-06 20:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-29 23:53 - 2017-05-06 20:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-21 09:07 - 2017-05-06 23:11 - 01903224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-06-21 09:07 - 2017-05-06 23:11 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-06-21 09:07 - 2017-05-06 23:11 - 01489528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-06-21 09:07 - 2017-05-06 23:11 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-06-21 09:07 - 2017-05-06 23:11 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-06-20 22:58 - 2017-05-06 23:10 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-06-17 03:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-06-16 21:09 - 2017-05-06 20:48 - 00000000 ____D C:\Users\Roko\AppData\Local\Packages
2017-06-16 21:09 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 21:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-06-15 23:33 - 2017-05-15 20:24 - 00000000 ____D C:\Windows\Minidump
2017-06-15 09:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-06-15 08:10 - 2013-08-22 16:44 - 00365880 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-15 00:45 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-06-14 17:01 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-06-14 17:00 - 2017-05-06 21:13 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 16:58 - 2017-05-06 21:13 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-14 16:34 - 2017-05-07 14:49 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 16:34 - 2017-05-07 14:49 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 16:34 - 2017-05-07 14:49 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-13 21:10 - 2017-06-01 19:42 - 00000000 ____D C:\Users\Roko\Desktop\TRIO DIvertimento
2017-06-10 10:20 - 2017-05-06 21:08 - 00000000 ____D C:\Users\Roko\AppData\Local\CrashDumps
2017-06-10 10:18 - 2017-05-06 23:02 - 00000000 ____D C:\Users\Roko\AppData\Local\ElevatedDiagnostics
2017-06-10 10:06 - 2017-05-06 20:46 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-10 09:27 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-10 09:22 - 2017-05-15 21:51 - 00035328 ___SH C:\Users\Roko\Desktop\Thumbs.db
2017-06-10 09:14 - 2017-05-07 06:36 - 00000000 ____D C:\Windows\Panther
2017-06-10 09:07 - 2017-05-07 05:50 - 00000000 __SHD C:\Users\Roko\AppData\Local\EmieUserList
2017-06-10 09:07 - 2017-05-07 05:50 - 00000000 __SHD C:\Users\Roko\AppData\Local\EmieSiteList
2017-06-10 09:06 - 2017-05-08 22:18 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-10 09:06 - 2017-05-07 22:12 - 00000000 ____D C:\Users\Roko\AppData\Local\Adobe
2017-06-10 09:06 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-10 09:06 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-07 22:51 - 2017-05-06 20:57 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-06-04 09:10 - 2013-08-22 17:36 - 00000000 ____D C:\PerfLogs

==================== Files in the root of some directories =======

2017-06-04 09:00 - 2017-06-04 09:07 - 0007602 _____ () C:\Users\Roko\AppData\Local\resmon.resmoncfg
2017-05-25 22:06 - 2017-05-25 22:06 - 0000003 _____ () C:\Users\Roko\AppData\Local\updater.log
2017-05-25 22:06 - 2017-05-25 22:06 - 0000425 _____ () C:\Users\Roko\AppData\Local\UserProducts.xml

Files to move or delete:
====================
C:\Users\Roko\installshield_scm.reg
C:\Users\Roko\scm.reg


Some files in TEMP:
====================
2017-07-02 14:34 - 2017-05-14 20:06 - 1737600 _____ (Microsoft Corporation) C:\Users\Roko\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-03 04:15

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by Korisnik (04-07-2017 03:43:15)
Running from C:\Users\Roko\Desktop
Windows 8.1 Pro (Update) (X64) (2017-05-06 18:47:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1483072306-4082277022-3870291831-500 - Administrator - Disabled)
Guest (S-1-5-21-1483072306-4082277022-3870291831-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1483072306-4082277022-3870291831-1003 - Limited - Enabled)
Korisnik (S-1-5-21-1483072306-4082277022-3870291831-1001 - Administrator - Enabled) => C:\Users\Roko

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1483072306-4082277022-3870291831-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
ELAN Touchpad 15.13.7.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.7.1 - ELAN Microelectronic Corp.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.14.5270 - Gretech Corporation)
Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1610.3101 - Micro-Star International Co., Ltd.) Hidden
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1610.3101 - Micro-Star International Co., Ltd.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
KLM (HKLM-x32\...\{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1511.1001 - Application) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1511.1001 - Application)
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
NVIDIA WMI 2.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.30.0 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Opera Stable 46.0.2597.32 (HKLM-x32\...\Opera 46.0.2597.32) (Version: 46.0.2597.32 - Opera Software)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.2.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.28161 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.5.0 - Adlice Software)
S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 - )
SCM (HKLM\...\{8B57FEA1-ABC0-4469-9205-856FD0D97C40}) (Version: 13.016.01229 - Application)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinRAR 5.50 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.2 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1483072306-4082277022-3870291831-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-05] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-02-15] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-04-01] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-05] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10E6DE53-CFBB-4808-9387-FDD75B9E7498} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {13C552C3-1635-457C-B7F0-44F64A9F52A7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-06-10] (Adobe Systems Incorporated)
Task: {6A521564-F8CC-45A4-B67F-70AB0763989D} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2017-02-15] ()
Task: {6CD357D1-7F35-487E-8DDE-830C166450E3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {6E6AA8BB-D67D-4196-BC4E-3EA18DEE6F62} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {73B44330-4EE0-494D-ADAA-E625E094153E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {74544A63-6549-4788-9A33-8D8C24FD3466} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {7C391A88-EC41-4ECC-B250-AF8858DAFD3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {954CC547-7EC4-470D-A0D4-D3F2EE511A0C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {9B7A3264-7C92-46A8-9463-DE5A010A17EE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {AE25B5AC-298F-4692-88C8-4C995D3A6C7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {B9499BAC-CEB4-45BA-B14A-C3B4862F6457} - System32\Tasks\Microsoft\Windows\PLA\New Data Collector Set => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "New Data Collector Set" "$(Arg0)"
Task: {D018382E-AF5C-4C9F-A735-247A126A3225} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-10-31] (Micro-Star International Co., Ltd.)
Task: {DDEC85D5-383C-4575-B0CA-647A5ADADF18} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EAD3E5C2-FD55-4111-8248-F2DE9606441A} - System32\Tasks\Opera scheduled Autoupdate 1494097665 => C:\Program Files\Opera\launcher.exe [2017-06-27] (Opera Software)
Task: {EC31D47A-348F-4619-8774-3CA2F0CEDCCA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {F2D39596-C03D-4469-A74F-8123EEA6C45F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-25 00:20 - 2016-09-25 00:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-05-06 23:10 - 2017-06-21 09:07 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-06 20:57 - 2017-04-01 04:10 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-05-06 20:58 - 2017-02-15 03:19 - 00794672 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2017-05-06 23:10 - 2017-06-21 09:07 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1483072306-4082277022-3870291831-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roko\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{10B2716A-D89C-4AED-907C-C85D3A2A6190}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE1C98D0-6A7B-4F05-9968-3049B7FE8C2E}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E47627B-7D73-4114-B58A-52632767DDBD}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E60E6F9-F81E-4C14-8516-07FC003AB30B}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5D613270-A6DB-4FD6-9A22-83D9DA6FEDE8}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{402D1BD4-4A78-49ED-BB40-4601DAAEE130}] => (Allow) C:\Users\Roko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DCD11F2-A328-4631-ACE7-C1B204E473C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C6335945-48CF-4FE6-B4E2-515454705D06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C5F8A03D-AC5F-45A2-AA8C-63547996015C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B7B2CA41-9E66-4CC9-87A5-8604A8E2E1C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9368F0D9-FAC0-44E4-8747-13234D4B1B22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3D56A99E-042E-422A-99C7-2BC14DB8B8B6}C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe] => (Allow) C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe
FirewallRules: [UDP Query User{98539144-8CA6-4C4E-AC37-61EC7837E7FE}C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe] => (Allow) C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe
FirewallRules: [{40313F28-97BC-483E-95CB-B7E79267D67A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3B1FADB-C8C6-4BD5-A938-0196293110EB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CAD70CEC-EA28-4606-A452-619E75FD9002}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{58FD7F24-C322-4F40-A88A-B0E5F58B1ABB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{22856781-F347-40C4-9623-988F9966DCC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E1A6F487-DF74-481A-97C3-289C826EC72B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{6F5D28CD-B129-4D97-B47D-D972F3F3C6AD}C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe] => (Allow) C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe
FirewallRules: [UDP Query User{58EB8272-7EE3-44B0-8E7D-81744EAAC568}C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe] => (Allow) C:\users\roko\documents\sdi_r1751\sdi_x64_r1751.exe
FirewallRules: [{4BD282DD-A8F5-4ADB-AA7C-450101E82E2A}] => (Allow) C:\Program Files\Opera\45.0.2552.898\opera.exe
FirewallRules: [{48D233F8-B584-4FA2-899F-FEB90C81F1D3}] => (Allow) C:\Program Files\Opera\46.0.2597.32\opera.exe

==================== Restore Points =========================

15-06-2017 23:52:06 Installed DirectX
28-06-2017 18:00:31 Installed League of Legends
02-07-2017 15:41:38 Installed New Software
02-07-2017 23:04:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2017 01:08:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/03/2017 10:19:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (07/03/2017 10:19:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/03/2017 11:43:50 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: MSIGT60)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (07/03/2017 10:52:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (07/03/2017 10:52:39 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/02/2017 10:59:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/02/2017 10:58:06 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/02/2017 10:03:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/02/2017 10:02:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (07/03/2017 04:17:02 AM) (Source: DCOM) (EventID: 10010) (User: MSIGT60)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (07/03/2017 04:16:32 AM) (Source: DCOM) (EventID: 10010) (User: MSIGT60)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (07/02/2017 11:05:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/02/2017 11:05:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA WMI Provider service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 11:05:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/02/2017 10:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-07-03 04:16:04.436
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-27 21:44:56.114
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-22 10:14:48.941
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-18 16:56:11.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-15 08:48:59.851
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-13 18:18:22.493
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-11 06:55:34.801
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-09 18:11:52.324
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-07 16:44:26.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-04 10:09:55.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16276.85 MB
Available physical RAM: 13858.56 MB
Total Virtual: 32660.85 MB
Available Virtual: 30164.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.71 GB) (Free:348.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5DE0B927)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    826 bytes · Views: 2
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by Korisnik (04-07-2017 10:24:08) Run:1
Running from C:\Users\Roko\Desktop
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
2017-06-04 09:00 - 2017-06-04 09:07 - 0007602 _____ () C:\Users\Roko\AppData\Local\resmon.resmoncfg
2017-05-25 22:06 - 2017-05-25 22:06 - 0000003 _____ () C:\Users\Roko\AppData\Local\updater.log
2017-05-25 22:06 - 2017-05-25 22:06 - 0000425 _____ () C:\Users\Roko\AppData\Local\UserProducts.xml
C:\Users\Roko\installshield_scm.reg
C:\Users\Roko\scm.reg
2017-07-02 14:34 - 2017-05-14 20:06 - 1737600 _____ (Microsoft Corporation) C:\Users\Roko\AppData\Local\Temp\dllnt_dump.dll
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
C:\Users\Roko\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\Roko\AppData\Local\updater.log => moved successfully
C:\Users\Roko\AppData\Local\UserProducts.xml => moved successfully
C:\Users\Roko\installshield_scm.reg => moved successfully
C:\Users\Roko\scm.reg => moved successfully
C:\Users\Roko\AppData\Local\Temp\dllnt_dump.dll => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.

==== End of Fixlog 10:24:14 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Korisnik (administrator) on 04-07-2017 at 23:08:10
Running from "C:\Users\Roko\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 
Right now I turned on my laptop, I got a notification to allow MSI to make changes. I clicked yes, a black DOS window appeared for a fraction of a second, and that's it.

I looked at my desktop and I noticed a Homegroup icon which I've never seen before. As I'm looking at it, the icon disappeared.
I went into Task Manager to see what's happening and I got this
rc5vdx.png


The COM surrogate process is back in the Task Manager, it just disappears after a second or two.
So did I just install the virus back, or what happened this morning?
 
COM Surrogate is a legit process, so unless there are some other issues you should be good to go.
 